replace)
// returns substituted string.
// WARNING: this is pretty basic, and doesn't properly handle search strings that are substrings of each other.
// For instance if 'test' => "foo" and 'testing' => "bar", testing could become either bar or fooing,
// depending on the order in which they were declared in the array.
require_once("include/template_processor.php");
if(! function_exists('replace_macros')) {
function replace_macros($s,$r) {
global $t;
return $t->replace($s,$r);
}}
// random hash, 64 chars
if(! function_exists('random_string')) {
function random_string() {
return(hash('sha256',uniqid(rand(),true)));
}}
/**
* This is our primary input filter.
*
* The high bit hack only involved some old IE browser, forget which (IE5/Mac?)
* that had an XSS attack vector due to stripping the high-bit on an 8-bit character
* after cleansing, and angle chars with the high bit set could get through as markup.
*
* This is now disabled because it was interfering with some legitimate unicode sequences
* and hopefully there aren't a lot of those browsers left.
*
* Use this on any text input where angle chars are not valid or permitted
* They will be replaced with safer brackets. This may be filtered further
* if these are not allowed either.
*
*/
if(! function_exists('notags')) {
function notags($string) {
return(str_replace(array("<",">"), array('[',']'), $string));
// High-bit filter no longer used
// return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string));
}}
// use this on "body" or "content" input where angle chars shouldn't be removed,
// and allow them to be safely displayed.
if(! function_exists('escape_tags')) {
function escape_tags($string) {
return(htmlspecialchars($string));
}}
// generate a string that's random, but usually pronounceable.
// used to generate initial passwords
if(! function_exists('autoname')) {
function autoname($len) {
$vowels = array('a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u');
if(mt_rand(0,5) == 4)
$vowels[] = 'y';
$cons = array(
'b','bl','br',
'c','ch','cl','cr',
'd','dr',
'f','fl','fr',
'g','gh','gl','gr',
'h',
'j',
'k','kh','kl','kr',
'l',
'm',
'n',
'p','ph','pl','pr',
'qu',
'r','rh',
's','sc','sh','sm','sp','st',
't','th','tr',
'v',
'w','wh',
'x',
'z','zh'
);
$midcons = array('ck','ct','gn','ld','lf','lm','lt','mb','mm', 'mn','mp',
'nd','ng','nk','nt','rn','rp','rt');
$noend = array('bl', 'br', 'cl','cr','dr','fl','fr','gl','gr',
'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh');
$start = mt_rand(0,2);
if($start == 0)
$table = $vowels;
else
$table = $cons;
$word = '';
for ($x = 0; $x < $len; $x ++) {
$r = mt_rand(0,count($table) - 1);
$word .= $table[$r];
if($table == $vowels)
$table = array_merge($cons,$midcons);
else
$table = $vowels;
}
$word = substr($word,0,$len);
foreach($noend as $noe) {
if((strlen($word) > 2) && (substr($word,-2) == $noe)) {
$word = substr($word,0,-1);
break;
}
}
if(substr($word,-1) == 'q')
$word = substr($word,0,-1);
return $word;
}}
// escape text ($str) for XML transport
// returns escaped text.
if(! function_exists('xmlify')) {
function xmlify($str) {
$buffer = '';
for($x = 0; $x < strlen($str); $x ++) {
$char = $str[$x];
switch( $char ) {
case "\r" :
break;
case "&" :
$buffer .= '&';
break;
case "'" :
$buffer .= ''';
break;
case "\"" :
$buffer .= '"';
break;
case '<' :
$buffer .= '<';
break;
case '>' :
$buffer .= '>';
break;
case "\n" :
$buffer .= "\n";
break;
default :
$buffer .= $char;
break;
}
}
$buffer = trim($buffer);
return($buffer);
}}
// undo an xmlify
// pass xml escaped text ($s), returns unescaped text
if(! function_exists('unxmlify')) {
function unxmlify($s) {
$ret = str_replace('&','&', $s);
$ret = str_replace(array('<','>','"','''),array('<','>','"',"'"),$ret);
return $ret;
}}
// convenience wrapper, reverse the operation "bin2hex"
if(! function_exists('hex2bin')) {
function hex2bin($s) {
if(! ctype_xdigit($s)) {
logger('hex2bin: illegal input: ' . print_r(debug_backtrace(), true));
return($s);
}
return(pack("H*",$s));
}}
// Automatic pagination.
// To use, get the count of total items.
// Then call $a->set_pager_total($number_items);
// Optionally call $a->set_pager_itemspage($n) to the number of items to display on each page
// Then call paginate($a) after the end of the display loop to insert the pager block on the page
// (assuming there are enough items to paginate).
// When using with SQL, the setting LIMIT %d, %d => $a->pager['start'],$a->pager['itemspage']
// will limit the results to the correct items for the current page.
// The actual page handling is then accomplished at the application layer.
if(! function_exists('paginate')) {
function paginate(&$a) {
$o = '';
$stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string);
$stripped = str_replace('q=','',$stripped);
$stripped = trim($stripped,'/');
$pagenum = $a->pager['page'];
$url = $a->get_baseurl() . '/' . $stripped;
if($a->pager['total'] > $a->pager['itemspage']) {
$o .= '
'."\r\n";
}
return $o;
}}
// Turn user/group ACLs stored as angle bracketed text into arrays
if(! function_exists('expand_acl')) {
function expand_acl($s) {
// turn string array of angle-bracketed elements into numeric array
// e.g. "<1><2><3>" => array(1,2,3);
$ret = array();
if(strlen($s)) {
$t = str_replace('<','',$s);
$a = explode('>',$t);
foreach($a as $aa) {
if(intval($aa))
$ret[] = intval($aa);
}
}
return $ret;
}}
// Used to wrap ACL elements in angle brackets for storage
if(! function_exists('sanitise_acl')) {
function sanitise_acl(&$item) {
if(intval($item))
$item = '<' . intval(notags(trim($item))) . '>';
else
unset($item);
}}
// Convert an ACL array to a storable string
if(! function_exists('perms2str')) {
function perms2str($p) {
$ret = '';
$tmp = $p;
if(is_array($tmp)) {
array_walk($tmp,'sanitise_acl');
$ret = implode('',$tmp);
}
return $ret;
}}
// generate a guaranteed unique (for this domain) item ID for ATOM
// safe from birthday paradox
if(! function_exists('item_new_uri')) {
function item_new_uri($hostname,$uid) {
do {
$dups = false;
$hash = random_string();
$uri = "urn:X-dfrn:" . $hostname . ':' . $uid . ':' . $hash;
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
dbesc($uri));
if(count($r))
$dups = true;
} while($dups == true);
return $uri;
}}
// Generate a guaranteed unique photo ID.
// safe from birthday paradox
if(! function_exists('photo_new_resource')) {
function photo_new_resource() {
do {
$found = false;
$resource = hash('md5',uniqid(mt_rand(),true));
$r = q("SELECT `id` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1",
dbesc($resource)
);
if(count($r))
$found = true;
} while($found == true);
return $resource;
}}
// wrapper to load a view template, checking for alternate
// languages before falling back to the default
// obsolete, deprecated.
if(! function_exists('load_view_file')) {
function load_view_file($s) {
global $lang, $a;
if(! isset($lang))
$lang = 'en';
$b = basename($s);
$d = dirname($s);
if(file_exists("$d/$lang/$b"))
return file_get_contents("$d/$lang/$b");
$theme = current_theme();
if(file_exists("$d/theme/$theme/$b"))
return file_get_contents("$d/theme/$theme/$b");
return file_get_contents($s);
}}
if(! function_exists('get_intltext_template')) {
function get_intltext_template($s) {
global $lang;
if(! isset($lang))
$lang = 'en';
if(file_exists("view/$lang/$s"))
return file_get_contents("view/$lang/$s");
elseif(file_exists("view/en/$s"))
return file_get_contents("view/en/$s");
else
return file_get_contents("view/$s");
}}
if(! function_exists('get_markup_template')) {
function get_markup_template($s) {
$theme = current_theme();
if(file_exists("view/theme/$theme/$s"))
return file_get_contents("view/theme/$theme/$s");
else
return file_get_contents("view/$s");
}}
// for html,xml parsing - let's say you've got
// an attribute foobar="class1 class2 class3"
// and you want to find out if it contains 'class3'.
// you can't use a normal sub string search because you
// might match 'notclass3' and a regex to do the job is
// possible but a bit complicated.
// pass the attribute string as $attr and the attribute you
// are looking for as $s - returns true if found, otherwise false
if(! function_exists('attribute_contains')) {
function attribute_contains($attr,$s) {
$a = explode(' ', $attr);
if(count($a) && in_array($s,$a))
return true;
return false;
}}
if(! function_exists('logger')) {
function logger($msg,$level = 0) {
$debugging = get_config('system','debugging');
$loglevel = intval(get_config('system','loglevel'));
$logfile = get_config('system','logfile');
if((! $debugging) || (! $logfile) || ($level > $loglevel))
return;
@file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $msg . "\n", FILE_APPEND);
return;
}}
if(! function_exists('activity_match')) {
function activity_match($haystack,$needle) {
if(($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle,NAMESPACE_ACTIVITY_SCHEMA)))
return true;
return false;
}}
// Pull out all #hashtags and @person tags from $s;
// We also get @person@domain.com - which would make
// the regex quite complicated as tags can also
// end a sentence. So we'll run through our results
// and strip the period from any tags which end with one.
// Returns array of tags found, or empty array.
if(! function_exists('get_tags')) {
function get_tags($s) {
$ret = array();
// ignore anything in a code block
$s = preg_replace('/\[code\](.*?)\[\/code\]/sm','',$s);
// Match full names against @tags including the space between first and last
// We will look these up afterward to see if they are full names or not recognisable.
if(preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) {
foreach($match[1] as $mtch) {
if(strstr($mtch,"]")) {
// we might be inside a bbcode color tag - leave it alone
continue;
}
if(substr($mtch,-1,1) === '.')
$ret[] = substr($mtch,0,-1);
else
$ret[] = $mtch;
}
}
// Otherwise pull out single word tags. These can be @nickname, @first_last
// and #hash tags.
if(preg_match_all('/([@#][^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) {
foreach($match[1] as $mtch) {
if(strstr($mtch,"]")) {
// we might be inside a bbcode color tag - leave it alone
continue;
}
// ignore strictly numeric tags like #1
if((strpos($mtch,'#') === 0) && ctype_digit(substr($mtch,1)))
continue;
if(substr($mtch,-1,1) === '.')
$ret[] = substr($mtch,0,-1);
else
$ret[] = $mtch;
}
}
return $ret;
}}
// quick and dirty quoted_printable encoding
if(! function_exists('qp')) {
function qp($s) {
return str_replace ("%","=",rawurlencode($s));
}}
if(! function_exists('get_mentions')) {
function get_mentions($item) {
$o = '';
if(! strlen($item['tag']))
return $o;
$arr = explode(',',$item['tag']);
foreach($arr as $x) {
$matches = null;
if(preg_match('/@\[url=([^\]]*)\]/',$x,$matches)) {
$o .= "\t\t" . '' . "\r\n";
$o .= "\t\t" . '' . "\r\n";
}
}
return $o;
}}
if(! function_exists('contact_block')) {
function contact_block() {
$o = '';
$a = get_app();
$shown = get_pconfig($a->profile['uid'],'system','display_friend_count');
if(! $shown)
$shown = 24;
if((! is_array($a->profile)) || ($a->profile['hide-friends']))
return $o;
$r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0",
intval($a->profile['uid'])
);
if(count($r)) {
$total = intval($r[0]['total']);
}
if(! $total) {
$o .= '
' . t('No contacts') . '
';
return $o;
}
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0 ORDER BY RAND() LIMIT %d",
intval($a->profile['uid']),
intval($shown)
);
if(count($r)) {
$o .= '